CVE-2018-12049
Last modified
CVE-2018-12049 is a vulnerability of currently unknown severity. A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. EPSS estimates a 5.18% chance of exploitation in the next 30 days.
Description
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canon | Lbp6030w Firmware | All versions |
References
- https://gist.github.com/huykha/0381acb2dc580c728a79452b60fa082cBroken Link, Third Party Advisory
- https://www.exploit-db.com/exploits/44886/Broken Link, Third Party Advisory, VDB Entry
- https://gist.github.com/huykha/0381acb2dc580c728a79452b60fa082cBroken Link, Third Party Advisory
- https://www.exploit-db.com/exploits/44886/Broken Link, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12049?
How severe is CVE-2018-12049?
How do I fix CVE-2018-12049?
Are you affected by CVE-2018-12049?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST